How Did A Scam Email Know My Real Password?

Did you receive one of your passwords as the subject line of an email in your junk mailbox and freak out about it? Me too! Here’s my story:

Yesterday I was checking my junk mailbox as usual, because sometimes important emails do end up in there. I noticed that one of my old, real passwords was the subject line of one of the emails. It was shocking and surprising to me. I didn’t know who these people were or how they had managed to get my password.

I opened the email and it read like any other spam email in my junk mailbox, or anywhere else: threats, a demand for an urgent payment that had to be made right now, and a warning that failing to pay would put my reputation on the line. At that point I was 100% sure this email was spam. They didn’t know me and had no information about me except this old password. The question was how they knew it and where they got it from.

Photo Source: Business Insider
Photo Source: Bleeping Computer

Is It a New Trend?

With a little googling, I found out that it’s a new “trend” in the spamming world. Many people have received the exact same email with a few different details: one of their old passwords in the subject line, and an attacker trying to convince them that they’ve been filmed watching X-rated videos and demanding an immediate payment in Bitcoin, or else the video will be sent to all their friends.

The attackers don’t really know anything about you, and they have no access to your email or your computer. The story is simply that one of the websites you signed up to a long time ago has been breached. Long lists of usernames and their passwords were stolen, and those lists are now used to convince victims that they’ve been hacked and filmed. According to BleepingComputer, scammers have already received over $50,000 USD in bitcoin payments to addresses associated with these emails, and those are just the payments we know about. Shocking, isn’t it?
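This is also why it is worth checking an old password against a breach corpus without ever sending the password itself. The Python below is an added example, not code from the original post: it implements the k-anonymity scheme used by breach-lookup services such as Have I Been Pwned’s Pwned Passwords range API, where only the first five hex characters of the password’s SHA-1 hash are sent and the rest of the hash is matched locally. The range responses here are constructed sample data so the example runs offline; the `lookup` argument is a stand-in for the real network call.

```python
import hashlib

# Constructed sample of range-lookup responses, keyed by the first five hex
# characters of an upper-case SHA-1 digest. Each line is SUFFIX:COUNT, the
# format these k-anonymity lookups return. Counts are made up for the example;
# a real service returns hundreds of lines per prefix.
SAMPLE_RANGES = {
    "5BAA6": (
        "00A1B2C3D4E5F60718293A4B5C6D7E8F901:2\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\n"   # suffix of SHA-1("password")
        "FFEEDDCCBBAA99887766554433221100ABC:7\n"
    ),
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the digest breach lookups key on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range(text: str) -> dict:
    """Parse SUFFIX:COUNT lines into {suffix: count}; blank or malformed lines are skipped."""
    counts = {}
    for line in text.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, lookup=None) -> int:
    """How many times the password appears in the corpus (0 = never seen).

    Only the 5-character prefix of the hash is handed to `lookup`; the
    35-character suffix is compared locally, so neither the password nor its
    full hash leaves this machine. `lookup` defaults to the offline sample.
    """
    if lookup is None:
        lookup = lambda prefix: SAMPLE_RANGES.get(prefix, "")
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(lookup(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "a-long-unique-passphrase-nobody-reused"):
        n = breach_count(pw)
        verdict = f"seen {n} times in breaches, change it" if n else "not seen"
        print(f"{pw!r}: {verdict}")
```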

What Should I Do If I Received a Similar Email?

If you received a similar email, the first thing you need to do is delete it immediately and move on!

In general, never respond to any email that asks you to make an urgent payment to save your reputation. This is typical scam language, and it is what these people do for a living. They will try to convince you in every possible way that your reputation is on the line: either you make the payment TODAY or your life will be ruined. If you feel threatened or blackmailed by an email, it’s a scam.

If it appears to have been sent by someone you know, contact them personally and confirm that they actually sent it, because spammers often impersonate your friends to threaten you.

If you are being blackmailed for real, and it isn’t spam, you should still not respond. Your first and only option is to report the incident to the police. Blackmail is a serious crime, and it won’t stop at one payment or even two. I know it’s easier said than done, but reporting it to the police immediately is always the right choice. Let them know how sensitive your situation is so they can help in the best way possible and protect you from becoming a victim of continued blackmail.

How Do I Protect My Personal Information When Signing Up to Websites?

The Internet is a big world, full of information and exciting opportunities. You should be able to enjoy this technology without worrying about the privacy or security of your personal data and online accounts. New laws and legislation, such as GDPR, are now in place to protect your rights in this virtual world and to increase businesses’ responsibility for breaches of their websites. However, making the internet a safer place for all can only be achieved if each of us takes more responsibility for securing our own data online. The following steps should be basics for everyone online:

1- Update your passwords regularly.

2- Don’t use the same password for all websites.

3- Always use two-factor authentication whenever possible. This ensures that even if your current password is stolen, criminals won’t be able to access your account.

4- If you don’t have to sign up to a website, then don’t.

5- If you are not using an account on a website, or have stopped using it, delete it.

6- Don’t save your credit card details, date of birth or home address online. I know it’s much easier to do so, especially if you keep buying from a certain website, but any breach of that site then means a huge loss to you.

7- Disable file and media sharing whenever possible or when you are not using it.

8- Keep all your software up to date. Updates include security patches for weak and vulnerable code; they strengthen your software against possible attacks and are not just about new features.

9- Don’t purchase anything from, or sign up to, any website without an SSL certificate. A website with an SSL certificate shows a small lock symbol on the left side of its URL. Note that the lock only means your connection to the site is encrypted; on its own it doesn’t prove the site is legitimate. Learn more about SSL certificates in this article: “Google Chrome SSL certificate changes. Are you ready?”

10- If an email sounds strange, it most probably is. Always check for the signs of a phishing email before clicking on any link or downloading any attachment. We’ve explained these signs in our article “Phishing emails”.

11- If you receive an email from a colleague or your boss asking you to make an immediate payment, don’t, ever. Call them personally instead, even if the email says they are in a meeting, and make sure the request is legitimate. Read more about CEO phishing and its signs.

12- Always report fraud and scam emails to UK Action Fraud. It’s important to do so, as it lets them track these emails and spread the word so that other vulnerable people become aware of any new trend in scamming.

We’ve read many real stories about people of all age groups who have fallen victim to such emails, not only making payments but also taking their own lives when they couldn’t cope with being blackmailed. It’s therefore very important to spread the word and raise awareness of such emails, especially among vulnerable groups such as young people and children, and to teach them how to deal with threats and blackmail.

Reach Out

We are always happy to help if you are facing any data security issues in your workplace or business. If you have any questions or queries, please don’t hesitate to contact us on 0345 200 1185 or send us an email at info@daffodil-it.co.uk